Sha256: 5760ed363bf399192f3093d73dd47b545f6cc8a11b657c00f81217d41a9c605a
Contents?: true
Size: 1.25 KB
Versions: 8
Compression:
Stored size: 1.25 KB
Contents
require 'spec_helper'
class ForgeriesController < ActionController::Base
include Clearance::Controller
protect_from_forgery
if respond_to?(:before_action)
before_action :require_login
else
before_filter :require_login
end
# This is off in test by default, but we need it for this test
self.allow_forgery_protection = true
def create
redirect_to action: 'index'
end
end
describe ForgeriesController do
context 'signed in user' do
before do
Rails.application.routes.draw do
resources :forgeries
get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'
end
@user = create(:user)
@user.update_attribute(:remember_token, 'old-token')
@request.cookies['remember_token'] = 'old-token'
end
after do
Rails.application.reload_routes!
end
it 'succeeds with authentic token' do
token = controller.send(:form_authenticity_token)
post :create, authenticity_token: token
expect(subject).to redirect_to(action: 'index')
end
it 'fails with invalid token' do
post :create, authenticity_token: 'hax0r'
expect(subject).to deny_access
end
it 'fails with no token' do
post :create
expect(subject).to deny_access
end
end
end
Version data entries
8 entries across 8 versions & 1 rubygems